all InfoSec news
CVE-2023-2639 (factorytalk_policy_manager, factorytalk_system_services)
June 13, 2023, 9:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully …
actor automation client communication cve device devices feedback local malicious malicious website manager may network origin policy rockwell automation rules send services system threat threat actor verify website
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months, 1 week ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
6 months, 1 week ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Associate Director Cyber Engineering
@ KBR, Inc. | CO102: 16800 E Centretech Pkwy,Aurora 16800 East Centretech Pkwy Building S75, Aurora, CO, 80011 USA
Application Security Engineering Manager - Security Operations (Boston)
@ Klaviyo | Boston, MA
Azure Security DevOps Engineer
@ Global Payments | North Carolina - Remote
Senior IT Planning Analyst - Cybersecurity PMO
@ Pacific Gas and Electric Company | Oakland, CA, US, 94612
Principal Business Value Consultant
@ Palo Alto Networks | Chicago, IL, United States
Sr. Specialist - Cyber Defence Operations
@ Diageo | Bengaluru Karle Town SEZ